SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
LDR516: Building and Leading Vulnerability Management Programs
LDR516Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course created by:
David Hazar & Jonathan Risto
Course created by:David Hazar & Jonathan Risto
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 29 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Integrate strategic and tactical approaches to level up enterprise vulnerability management programs while addressing infrastructure and cloud environment challenges.
Featured Quote
Excellent labs. More fun than I thought possible with vulnerability management.
Course Overview
This course equips security professionals with proven strategies to mature vulnerability management programs and transition from merely identifying vulnerabilities to successfully treating them. Using the Prepare, Identify, Analyze, Communicate, and Treat (PIACT) Model, you'll learn to think strategically about vulnerability management while receiving practical guidance to overcome common challenges. The course addresses the complexities of managing vulnerabilities across traditional infrastructure, applications, and cloud environments.
Through 16 hands-on exercises and the Cyber42 leadership simulation game, you'll develop both strategic thinking and tactical skills to prioritize unblocked vulnerabilities, communicate risk effectively, and implement remediation techniques that work. This vulnerability management training course helps security professionals adapt their practices as organizations adopt cloud services and implement DevOps methodologies.
What You'll Learn
- Build and evolve vulnerability management programs across traditional, cloud, IoT, and hybrid environments
- Prioritize vulnerabilities using business-aligned context and threat intelligence
- Develop and apply VM metrics to measure program maturity, demonstrate risk reduction, and drive stakeholder support
- Design remediation strategies that include patching, compensating controls, and automated tools to minimize exposure
- Communicate vulnerability risk effectively to executives, IT, and business units using tailored reporting and dashboards
- Align VM with regulatory frameworks (e.g., NIS2, NIST, HIPAA, GDPR, CRA) and board-level governance for sustainable compliance
Business Takeaways
- Assess organizational strengths, weaknesses, and maturity in vulnerability management programs
- Prepare for and respond to critical vulnerabilities and zero-day issues
- Prioritize security investments using data-driven decision-making and contextual risk models
- Translate technical VM findings into business impact to improve executive understanding and buy-in
- Uncover hidden obstacles by grouping and analyzing vulnerabilities
- Use program metrics and reporting to improve compliance posture and guide continuous improvement
- Implement proactive remediation capabilities
Meet Your Authors
- Slide 1 of 2
David Hazar
Certified InstructorDavid is a security consultant with 20+ years of experience in vulnerability management, application security, cloud security, and DevOps, a co-author of LDR516: Building and Leading Vulnerability Management Programs, as well as an instructor for SEC540: Cloud Security and DevSecOps Automation.
Read more about David Hazar - Slide 2 of 2
Jonathan Risto
Principal InstructorWith a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching.
Read more about Jonathan Risto
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in LDR516: Building and Leading Vulnerability Management Programs.
Section 1Vulnerability Management Design and Planning
This section examines the importance of vulnerability management and introduces cloud service impacts. You'll explore asset management as a foundation for effective vulnerability management and learn how contextual information enhances program success.
Topics covered
- Course overview
- Cloud vulnerability management
- Asset management fundamentals
- Contextual information importance
- Cloud-native asset management
Labs
- Moving to the Cloud
- Critical Attributes
- Leveraging Asset Context
- Cyber42 Game Round 1
Section 2Vulnerability Identification
This section addresses identification challenges and architectural design across infrastructure and applications. You'll learn about scanning strategies, permission management, and responsible disclosure practices to enhance vulnerability detection capabilities.
Topics covered
- Identification challenges
- Architecture and design
- Cloud identification methods
- Scanner configuration
- Proactive identification
Labs
- Scanning Techniques
- Scan Validation
- Pipeline Integration Demo
- Cyber42 Game Round 2
Section 3Vulnerability Analysis, Metrics, and Communication
This section teaches techniques to analyze vulnerability data, reduce inaccuracies, and identify root causes. You'll learn prioritization strategies, develop meaningful metrics, and create targeted reports to drive remediation action.
Topics covered
- Contextual analysis techniques
- Exclusion groups and risk
- Effective metrics development
- Communication strategies
- Vulnerability management meetings
Labs
- Contextual Prioritization
- Solution Groups and Types
- Cyber42 Game Round 3
Section 4Driving Remediation and Automation
This section explores remediation processes, technologies, and integration with change management. You'll examine cloud challenges, application vulnerability remediation, and alternative treatments when traditional methods aren't viable.
Topics covered
- Change management
- Patch management
- Configuration management
- Cloud management
- Application management
Labs
- Changing Culture
- Gold Image Pipeline
- Remediation Effectiveness
- Cyber42 Game Round 4
Section 5Collaboration and Continuous Improvement
This section synthesizes course learnings and focuses on program enhancement. You'll discover strategies to make vulnerability management engaging, identify key stakeholders, and build mature vulnerability management programs.
Topics covered
- Stakeholder buy-in techniques
- Making vulnerability management engaging
- Cross-team collaboration
- Program creation and advancement
- Tool selection strategies
Labs
- Vulnerability Management Buy-In
- Cyber42 Game Final Round
Things You Need To Know
Relevant Job Roles
Security Control Assessment (OPM 612)
NICE: Oversight and GovernanceResponsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
Explore learning pathVulnerability Analysis (OPM 541)
NICE: Protection and DefenseResponsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
OnDemand Bundle
When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.
SANS Skills Quest by NetWars Core Edition
Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Jonathan RistoDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,260 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jonathan RistoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Date & TimeFetching schedule..View event detailsCourse price€7,715 EUR*Prices exclude applicable local taxes
Showing 6 of 6
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3It is excellent for people who are creating and implementing their VMP. The course is detailed, thorough, and sets clear expectations for a successful program.
- Slide 2 of 3Great class full of new info for beginners and experienced VM folks. Thank you!
- Slide 3 of 3I have really enjoyed the discussions around these labs and hearing similarities from other users. I think this format for labs is fun.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources